Future of VPN: CIPE or IPSEC?

[WipeOut]

Christians, Stefan Mr. wrote:

>We are just migrating our network from RHL 8.0 and 9 to Fedora Core 1.
>
>Up to now we have had an IPSEC VPN by using FreeS/wan patches. Since we
>implemented the VPN, some things have changed:
>
>1) The reasons we had for choosing IPSEC over CIPE turned out to be
>non-issues (all arguments we had for using IPSEC were never used, needed
>or implemented).
>
>2) We have found all software not included in the standard distribution
>packages to cause maintenance nightmares. We have therefore decided that
>if a required functionality is included in the standard distribution, we
>will not use 3rd party solutions.
>
>
>So now the big question for us is whether we should migrate our VPN
>routers to Fedora Core 1 and convert them to CIPE, or whether we should
>wait a few more months until the 2.6 kernel with integrated IPSEC is
>included in the standard distribution.
>
>The key question here is whether CIPE will be maintained as a Fedora
>Package once the 3.6 kernel is distributed, or whether it will gradually
>be phased out. We want to avoid converting to CIPE now and then back to
>IPSEC again after a year.
>
>Can any Fedora developer or strategist comment on this?
>
>
>  
>
You might want to take a look at Trustix www.trustix.net for you VPN 
routers..

Its an application specific distro with a prime objective of security 
and based originally on RH.. It has the Freeswan rpms as part of the 
distro so they are maintained by the team.. Also does away with the 
packages that are not needed for servers or routers so a minimum install 
is only about 90MB compared to Fedora of 500+..

That way you don't have to abandon your knowledge of freeswan..

Later..